
Some DNS Requests Ruled Illegal in North Dakota

jgreco writes "A judge in North Dakota has just ruled that requesting a zone transfer from a public DNS server is criminal activity within the meaning of the North Dakota Computer Crimes Law. A zone transfer is a simple request that a DNS server hand over information in bulk, and a DNS server may be configured to allow or deny such requests. That the owner of a DNS server would configure the server to allow such requests, and then claim such requests were unauthorized, is simply stunning."
  • by Anonymous Coward on Thursday January 17, 2008 @09:03AM (#22079248)
    Might want to read the actual court ruling instead of the populistic and alarmist comments surrounding it. As I read it, the defendant already had been told by the court to stop bothering the plaintiff, and he then proceeded to ignore that. In and of itself the ruling doesn't outlaw DNS requests, although the judge's grasp of the technology clearly could stand improvement.
  • by mnslinky ( 1105103 ) on Thursday January 17, 2008 @09:05AM (#22079270) Homepage
    BIND 9.x and earlier allow this activity by default. This being the case, a new and/or ignorant system administrator may not realize their zone file is available for the taking.

    One more example of the law having to protect the stupid, but I can *sorta* see the point of it. This falls in line with stealing wifi from unprotected networks. Just because it's not secured doesn't mean it's OK to break in.
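
An added example, not part of the comment above and not BIND's own code: a small audit that reads a named.conf-style file and reports which zones would answer a zone transfer for anyone. The sample config is constructed, `builtin_default` is an assumption modelling the permissive default the comment describes, and the parser assumes a flat config (no `view` blocks, no nested braces inside the ACL).

```python
import re

# Constructed sample config for illustration (documentation names/addresses).
SAMPLE_CONF = '''
options { directory "/var/named"; };   // no global allow-transfer
zone "example.com" { type master; file "example.com.zone"; };
zone "example.net" {
    type master; file "example.net.zone";
    allow-transfer { 192.0.2.53; };    # named secondary only
};
zone "example.org" { type master; file "example.org.zone"; allow-transfer { any; }; };
'''

def strip_comments(text):
    """Drop /* */, // and # comments (simplification: ignores quoting)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def blocks(text):
    """Yield (header, body) for each top-level 'header { body };' statement."""
    depth, header_start, body_start, header = 0, 0, 0, ""
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                header, body_start = text[header_start:i].strip(), i + 1
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                yield header, text[body_start:i]
        elif ch == ";" and depth == 0:
            header_start = i + 1

def transfer_acl(body):
    """Elements of the block's allow-transfer list, or None when it is unset."""
    m = re.search(r"\ballow-transfer\b[^{;]*\{([^}]*)\}", body)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit(conf, builtin_default=("any",)):
    """Map zone -> (verdict, effective ACL): zone setting, else options, else default."""
    # builtin_default is an assumption; pass ("none",) if your server's default differs.
    global_acl, zones = None, {}
    for header, body in blocks(strip_comments(conf)):
        if header == "options":
            global_acl = transfer_acl(body)
        elif header.startswith("zone"):
            zones[re.search(r'"([^"]+)"', header).group(1)] = transfer_acl(body)
    report = {}
    for name, acl in zones.items():
        if acl is None:
            acl = global_acl if global_acl is not None else list(builtin_default)
        report[name] = ("OPEN" if "any" in acl else "restricted", acl)
    return report

if __name__ == "__main__":
    for zone, (verdict, acl) in audit(SAMPLE_CONF).items():
        print(f"{zone:12} {verdict:10} allow-transfer {{ {'; '.join(acl)}; }}")
```

A zone reported as OPEN needs an explicit `allow-transfer` list naming its secondaries, or `none`, either in the zone or in `options`.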
  • FUD (Score:5, Informative)

    by Telephone Sanitizer ( 989116 ) on Thursday January 17, 2008 @09:08AM (#22079292)
    It's a civil case.

    The worst that can be said about it is that it's bad precedent and the judgment was wrong.

    The judge did not make DNS requests illegal.
  • by autocracy ( 192714 ) <slashdot2007@sto ... .com minus berry> on Thursday January 17, 2008 @09:25AM (#22079424) Homepage
    TFA really sucks. The linked judgment is much more useful to read. I'm kind of saddened by the judge's focus on "zone transfers," but it's clear that the issue is not about zone transfers. The issue is a pattern of malicious activity that the defendant had an injunction placed on him for. He violated that injunction. It was corporate cyber-stalking harassment, really. I'd say that the zone transfer was illegal in context, especially with an outstanding injunction to stay off the company's servers.
  • by InvisiBill ( 706958 ) on Thursday January 17, 2008 @09:43AM (#22079584) Homepage

    18. Ritz was not an authoritative name server, a DNS server, nor any kind of computer at the time he accessed Sierra's computer.
    I'm pretty sure that one wins some sort of award reserved for the highest level of intellectuals.

    21. The information which Ritz published was not public. Moreover, much of the information was not publicly accessible.
    In all seriousness, I think this is where the major issue lies. The judge ruled that because most people don't know about host -l, that the information was private, even though it was publicly available with a standard command.

    If Ritz had previously been ordered to leave Sierra alone, and hadn't, then that's a basis for the ruling right there, completely ignoring any aspect of DNS. From the court documents, the guy sounds like quite a piehole.

  • Re:beware (Score:2, Informative)

    by Nos. ( 179609 ) <andrewNO@SPAMthekerrs.ca> on Thursday January 17, 2008 @09:59AM (#22079716) Homepage
    It says (even in the summary) we're talking about zone transfers, not regular lookups. So sue all you want, just don't be surprised when every case is thrown out.
  • The act of putting up a website (or any other internet server) on the public internet should be enough to say the operator of the server gave you permission to access it. If you don't want people accessing your server, at least put a password on it for basic access control, or if it requires more security, then put it behind a VPN/Firewall box.

    The act of putting up a DNS server is exactly the same. But we now know it's illegal to access a DNS server, therefore it must be illegal to access a web server.

    Without written permission in triplicate, signed in longhand by the owner of the data using a quill pen and attested by the county registrar and the sheriff, of course.

  • by onecheapgeek ( 964280 ) on Thursday January 17, 2008 @10:46AM (#22080142) Journal
    From the ruling:
    7. Ritz, at all times material, acted intentionally and with the intent to gather as much DNS and other information as possible about Sierra and its principals, agents and related entities and persons. Ritz made the information he gathered available to several persons, including a competitor of Sierra, SuperNews and SuperNews accessed that information. Ritz has admitted that SuperNews personnel accessed the zilla queries file where it resided on his computer via http connection.

    8. The intended purpose of a zone transfer is primarily one of redundancy. Zone transfers are the means by which a primary authoritative domain name server copies the domain structure to a secondary authoritative domain name server for the purpose of redundancy. Generally, both of those servers pertain to the same domain. In all intended uses of a zone transfer, the secondary server is operated by the same party that operates the primary server. A secondary intended purpose for zone transfers is to permit trouble shooting in which case zone transfers may sometimes be undertaken via the manually conducted host -l command. In those instances, however, the person conducting the diagnosis acts with the authorization of the operator of the system and is usually the network administrator for the system.

    9. The evidence presented at trial produced no treatises or authoritative sources to suggest that any other intended purpose exists for a zone transfer. The academic and technical resources put in evidence at trial uniformly indicate that zone transfers have no intended purposes beyond those mentioned above.

    10. The literature available on the subject all refers to access attempts such as the host -l command issued by Ritz under the circumstances of this case as "unauthorized." Microsoft itself, as well as various other authorities, all refer to zone transfers conducted by an individual other than the network administrator or an authoritative name server as "unauthorized."

    11. Ritz accessed Sierra's computer, copied and disclosed information found on that computer beginning at least with the February 27, 2005 access and continuing thereafter through the summer of 2005. Ritz made several access attempts which were also unsuccessful after April 1, 2005.

    12. Publication of the zilla queries file containing information about Sierra including its internal domain structure created a grave security risk for Sierra. That information, in the hands of outsiders with malicious intent, threatens the integrity of Sierra's computer system. Publication of that information also competitively injured Sierra since a competitor such as SuperNews can use the information to better evaluate and compete with Sierra.

    13. Ritz has port scanned thousands of computers, including those of Sierra.

    14. Ritz frequently attempted to access Sierra's computers from a variety of locations in case Sierra was blocking access from his known IP address. He also concealed the IP address of his point of origin in order to shield himself from blame or, as he put it, "taking the beat."

    15. Ritz has participated in approximately eighteen UseNet death penalties ("UDP"). A UDP is an attempt to force a Usenet service provider to change its behavior by threatening to have peers cancel their relationships with the target of the UDP, canceling messages propagated from the target of the UDP and if that fails, to go to other providers to convince them to cease doing business with the target. Once he was armed with Sierra's internal domain structure and published that information, Ritz called for a UDP against Sierra.

    16. Ritz has issued Internet mail bombs and undertaken efforts which resulted in disconnecting third parties from the Internet.

    This guy was not doing ANYTHING legitimate. He was trying to damage their business through whatever means he could, including attacking their customer base. On top of it all, he began to try to circumvent the actions they took to prevent him from accessing the information. He started using proxies to bypass an IP block. To say this has any effect on a secondary DNS doing a zone transfer for DNS purposes is beyond stupid.
  • Re:Unbelievable (Score:5, Informative)

    by Intron ( 870560 ) on Thursday January 17, 2008 @10:50AM (#22080180)
    FINDINGS OF FACT

    "In all intended uses of a zone transfer, the secondary server is operated by the same party that operates the primary server. A secondary intended purpose for zone transfers is to permit trouble shooting in which case zone transfers may sometimes be undertaken via the manually conducted host -l command. In those instances, however, the person conducting the diagnosis acts with the authorization of the operator of the system and is usually the network administrator for the system."

    Sounds like the judge understood it pretty well to me.
  • by aproposofwhat ( 1019098 ) on Thursday January 17, 2008 @10:59AM (#22080280)
    More to the point, what idiot would put DNS records relating to their internal private network on a publicly accessible DNS server?

    That's what Sierra did, according to the court decision.

    Either the admin responsible is incredibly stupid, incredibly lazy or just hasn't thought through the security implications.

  • by jvkjvk ( 102057 ) on Thursday January 17, 2008 @11:21AM (#22080544)
    No, it's not completely ridiculous. We can talk about generalities as long as we want but they are nothing but straw men. This is a specific case, and it appears to be a special case, where the defendant had an injunction against him to prevent him from harassing the company in question.

    Essentially, the judge ruled that the injunction did indeed include the DNS servers the company had. Imagine that, he got that one right!

    IOW, even if the company was running a web server on port 80 and required no authentication, it can easily be assumed that the defendant would still be barred from making requests to that page. No, not people in general, one specific individual who was barred from interacting with the company.

    To rule otherwise is nothing but pure stupidity.

  • by Sancho ( 17056 ) on Thursday January 17, 2008 @11:23AM (#22080582) Homepage
    Further reading from the link I posted states that the court isn't ruling on normal DNS requests. Under "CONCLUSIONS OF LAW":

    2. The Court need not determine whether a normal, single DNS query is authorized within the meaning of the statute. Even if there had been any authorization for such a DNS query or lookup, Ritz exceeded that authorization in violation of the statute by conducting a zone transfer and attempting further access.
    So the court isn't claiming that a DNS query, in the general case, is illegal.
  • by Hellad ( 691810 ) on Thursday January 17, 2008 @11:37AM (#22080780)
    but there is NOTHING ILLEGAL mentioned here. This is a civil trial, not criminal. The acts may be found illegal later in Ritz's later criminal trial, but that remains to be seen. Also, the issue is a question of whether Ritz was authorized to do the DNS request. The DNS request is legal for the administrators without problem. Obviously, the issue of Ritz's requests is worth debating. The article summary is horrible, as is the linked article. But, the linked blog entry has yet another link which gives the whole opinion as well as some more informed commentary. For those that want to be informed before spewing, I would suggest checking it out. (For the other 99% of slashdotters, please feel free to ignore this at will.)
  • Re:Unbelievable (Score:5, Informative)

    by orclevegam ( 940336 ) on Thursday January 17, 2008 @11:59AM (#22081052) Journal
    There's actually a good deal of information in there if you read between the lines a little. What I gathered from it and one of the sites linked by it, is that this guy is well known in the anti-spammer circles as a spam investigator that can compile loads of detailed info on spammers. Apparently Sierra (the plaintiff) is notorious for spam and also for suing anti-spam activists. During the course of compiling evidence against Sierra, this guy performed a DNS Zone transfer (most likely to prove that the source of some spam was actually a server hosted by Sierra). Sierra then sued him claiming the zone transfer wasn't authorized by them, and therefore it was illegal (not going to argue if that's logical or not, just summarizing here). Up to this point any technically minded person would probably think the plaintiff was on pretty shaky ground. However, the defendant screwed himself over it seems by annoying the judge various ways. According to the findings, the defendant gave false testimony on several occasions. It may or may not have been false testimony, it's sometimes hard to say when lawyers get involved, but the judge perceived it as such and that's what counts. Much worse it seems, is that the judge ordered the defendant not to perform certain scans of Sierra's network, but he then proceeded to ignore those orders. This action seems to be the one that really blew the case for him, as it's apparent the judge was really not happy with him for that one.
  • by Mr. Beatdown ( 1221940 ) on Thursday January 17, 2008 @01:59PM (#22082720)
    He was found to have violated an injunction from accessing ANY of the plaintiff's websites. This injunction was issued on August 4th, 2005. That being said, he wanted to argue in the face of the injunction that any access to a public web server was de facto authorized. The judge ruled (correctly) that though all the information remained on the "public" internet, that any access by Ritz after the injunction was unauthorized. Ritz, however, performed the zone transfer query in question on February 27, 2005. Read that as almost 6 months before any injunction was made against his access. The judge ruled (astoundingly incorrectly) that the query was unauthorized. ANY access request that is not subject to authentication from the Internet at large should be considered authorized. The moment you put a notice or a 1 character password it becomes unauthorized. The judge's HUGE gap in application of the law was to rule that ANY specific access of a publicly accessible unauthenticated computer system could represent unauthorized access. Publicly accessible unauthenticated = authorized. The participation in Usenet Death Penalties is not a mark against Ritz, but in his favor. The vast majority of the findings look to establish Ritz as a menace to Sierra, when in fact his advocacy for the Internet as a whole is what puts him in conflict with them. The judge's ruling fails to consider that this man is not a vigilante out to slander and misinform and declare UDP fatwas against random ISPs. He is in fact a citizen performing tasks that anyone investigating a suspected bad net neighbor would be expected to use. His possible harassing behavior aside, he was found in violation of nothing other than unauthorized computer access, a claim that, absent the injunction, is not able to be supported by the common understanding or practice of access to computer systems since the inception of the first networked computers.
This guy was also found to be the Bastard Operator from Hell [iinet.net.au]. The BOFH is actually named Simon Travaglia, but whatever.
  • by orgelspieler ( 865795 ) <w0lfie@ma c . c om> on Thursday January 17, 2008 @03:05PM (#22083568) Journal
    Actually, David Ritz is an anti-spam vigilante, who is being sued by Jerry Reynolds who appears to be a Usenet spammer, and sues [rahul.net]* spam-fighters. Though you're right that the court documents make it sound like David's the bad guy.

    *Looks like the guy on this site is a co-defendant with David Ritz, so maybe not the most reliable source.

  • by jtroutman ( 121577 ) on Thursday January 17, 2008 @03:37PM (#22083974)
    I'm guessing you're young, under thirty at least. I only say this because the "the tag may only be removed by the consumer" bit is a change that was made about fifteen years ago, before that they read "Do Not Remove Under Penalty of Law" in bold, black letters. So most people grew up with these ominous tags on all their pillows and mattresses warning that if they removed them there were stiff penalties involved. Nowadays, not so much. Meh.

    So who's the nerd now, huh?
  • by efalk ( 935211 ) on Thursday January 17, 2008 @04:24PM (#22084586)

    As one of the people involved in this, I think I should take a minute to set the record straight.

    Sexzilla was once one of the largest porn spammers on usenet. I wrote about them on my web site. The owner, Jerry Reynolds, sued me for defamation. I asked the other spam-fighters for whatever they had on Sexzilla so I could defend myself.

    David Ritz responded with something along the lines of "Oh, it's true alright, here's the dns zone information that proves it." He also published his results on-line.

    Reynolds then sued David for an "unauthorized zone transfer".

    That zone transfer is the entirety of Reynolds' case against David. The rest of the stuff in the judge's decision was all a bunch of bullshit spoon-fed to the judge by Reynolds. Most of it has nothing to do with the case at hand, and most of it is either untrue or gross distortions of the truth. For example, the "hijacked" computer was an open relay that Ritz used to send one message to Verizon security, proving to them that they had an open relay.

    You can read the whole sorry saga here [blogspot.com].
